Skip to content
This repository has been archived by the owner on Jan 12, 2022. It is now read-only.

Latest commit

 

History

History
427 lines (368 loc) · 82 KB

deploy_radondb_postgresql_on_kubernetes_repo.md

File metadata and controls

427 lines (368 loc) · 82 KB

Contents

在 Kubernetes 上通过 Helm Repo 部署 RadonDB PostgreSQL 集群

简介

RadonDB PostgreSQL 是基于 PostgreSQL 的开源、高可用、云原生集群解决方案。

  • 通过 Pgpool-II 代理 PostgreSQL 后端服务,用于减少 PostgreSQL 后端的连接消耗,针对 PostgreSQL 读写流量进行负载均衡,增强系统的整体吞吐量。
  • 通过 repmgr 实现 PostgreSQL 节点的故障转移。

本教程演示如何使用命令行在 Kubernetes 上部署 RadonDB PostgreSQL。

部署准备

  • 已成功部署 Kubernetes 集群。

部署步骤

步骤 1 : 添加仓库

添加并更新 helm 仓库。

$ helm repo add pgha https://zhl003.github.io/radondb-postgresql-kubernetes
$ helm repo update

步骤 2 : 部署

以下命令指定 release 名为 demo,将在命名空间demo下创建一个名为 pgha-radondb-pgpool 的有状态副本集。

$ helm install demo pgha/radondb -n demo
NAME: demo
LAST DEPLOYED: Wed May 19 06:13:27 2021
NAMESPACE: demo
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
** Please be patient while the chart is being deployed **

PostgreSQL can be accessed through Pgpool via port 5432 on the following DNS name from within your cluster:

    demo-radondb-pgpool.demo.svc.cluster.local

Pgpool acts as a load balancer for PostgreSQL and forward read/write connections to the primary node while read-only connections are forwarded to standby nodes.

To get the password for "postgres" run:

    export POSTGRES_PASSWORD=$(kubectl get secret --namespace demo demo-radondb-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)

To get the password for "repmgr" run:

    export REPMGR_PASSWORD=$(kubectl get secret --namespace demo demo-radondb-postgresql -o jsonpath="{.data.repmgr-password}" | base64 --decode)

To connect to your database run the following command:

    kubectl run demo-radondb-client --rm --tty -i --restart='Never' --namespace demo --image docker.io/radondb/postgresql-repmgr:11.11.0-debian-r1 --env="PGPASSWORD=$POSTGRES_PASSWORD"  \
        --command -- psql -h demo-radondb-pgpool -p 5432 -U postgres -d postgres

To connect to your database from outside the cluster execute the following commands:

    kubectl port-forward --namespace demo svc/demo-radondb-pgpool 5432:5432 &
    psql -h 127.0.0.1 -p 5432 -U postgres -d postgres

分别执行如下指令,查看到 release 名为 demo 的有状态副本集 demo-radondb,则 RadonDB PostgreSQL 部署成功。

$ helm list -n demo
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
demo    demo            1               2021-05-19 06:13:27.219204491 +0000 UTC deployed        radondb-1.0.0     11.11.0   

$ kubectl get statefulsets.apps -n demo
NAME                            READY   AGE
demo-radondb-postgresql   4/4     2m9s

步骤 3 : 部署校验

部署指令执行完成后,查看 RadonDB PostgreSQL 有状态副本集,pod 状态及服务。可查看到相关信息,则 RadonDB PostgreSQL 部署成功。

kubectl get statefulset,pod,svc -n demo

访问 RadonDB PostgreSQL

您需要准备一个用于连接 RadonDB PostgreSQL 的客户端。

与客户端在同一 NS 中

当客户端与 RadonDB PostgreSQL 集群在同一个 NameSpace 中时,可使用 Leader/Follower service 名称代替具体的 IP 和端口。

  • 连接 pgpool 节点(读写节点)。
    psql -h <service demo-radondb-pgpool 名称> -p 5432 -U postgres -d postgres

与客户端不在同一 NS 中

当客户端与 RadonDB PostgreSQL 集群不在同一个 NameSpace 中时,需先分别获取连接所需的节点地址、节点端口、服务名称。

  1. 查询 Pod 列表和服务列表,分别获取 pod 名称和服务名称。

    kubectl get pod,svc
  2. 开启服务网络访问。

    执行如下命令,打开服务配置文件,将 spec 下 type 参数设置为 NodePort

    kubectl edit svc <服务名称>
  3. 分别获取 Pod 所在的节点地址和节点端口。

    kubectl describe pod <Pod名称>
    kubectl describe svc <服务名称>
  4. 连接节点。

    psql -h <pgpool节点地址> -p <节点端口> -U postgres -d postgres

配置

下表列出了 RadonDB PostgreSQL Chart 的配置参数及对应的默认值。

参数 描述 默认值
Global
global.imageRegistry Global Docker image registry nil
global.imagePullSecrets Global Docker registry secret names as an array [] (does not add image pull secrets to deployed pods)
global.storageClass Global storage class for dynamic provisioning nil
global.postgresql.existingSecret Name of existing secret to use for PostgreSQL passwords (overrides postgresql.existingSecret) nil
global.postgresql.username PostgreSQL username (overrides postgresql.username) postgres
global.postgresql.password PostgreSQL password (overrides postgresql.password) Qing@123
global.postgresql.database PostgreSQL database (overrides postgresql.database) nil
global.postgresql.repmgrUsername PostgreSQL repmgr username (overrides postgresql.repmgrUsername) repmgr
global.postgresql.repmgrPassword PostgreSQL repmgr password (overrides postgresql.repmgrpassword) Repmgr_123
global.postgresql.repmgrDatabase PostgreSQL repmgr database (overrides postgresql.repmgrDatabase) nil
global.ldap.existingSecret Name of existing secret to use for LDAP passwords (overrides ldap.existingSecret) nil
global.ldap.bindpw LDAP bind password (overrides ldap.bindpw) nil
global.pgpool.adminUsername Pgpool Admin username (overrides pgpool.adminUsername) admin
global.pgpool.adminPassword Pgpool Admin password (overrides pgpool.adminPassword) Pgpool@123
General
commonLabels Labels to add to all deployed objects nil
commonAnnotations Annotations to add to all deployed objects []
nameOverride String to partially override postgres-ha.fullname template with a string nil
fullnameOverride String to fully override postgres-ha.fullname template with a string nil
clusterDomain Default Kubernetes cluster domain cluster.local
extraDeploy Array of extra objects to deploy with the release (evaluated as a template). nil
serviceAccount.enabled Enable service account (Note: Service Account will only be automatically created if serviceAccount.name is not set) false
serviceAccount.name Name of existing service account nil
PostgreSQL with Repmgr
postgresqlImage.registry Registry for PostgreSQL with Repmgr image docker.io
postgresqlImage.tag Tag for PostgreSQL with Repmgr image {TAG_NAME}
postgresqlImage.pullPolicy PostgreSQL with Repmgr image pull policy IfNotPresent
postgresqlImage.pullSecrets Specify docker-registry secret names as an array [] (does not add image pull secrets to deployed pods)
postgresqlImage.debug Specify if debug logs should be enabled false
postgresql.hostAliases Add deployment host aliases []
postgresql.labels Map of labels to add to the statefulset. Evaluated as a template {}
postgresql.podLabels Map of labels to add to the pods. Evaluated as a template {}
postgresql.replicaCount The number of replicas to deploy 2
postgresql.updateStrategyType Statefulset update strategy policy RollingUpdate
postgresql.podAnnotations Additional pod annotations {}
postgresql.priorityClassName Pod priority class ``
postgresql.podAffinityPreset PostgreSQL pod affinity preset. Ignored if postgresql.affinity is set. Allowed values: soft or hard ""
postgresql.podAntiAffinityPreset PostgreSQL pod anti-affinity preset. Ignored if postgresql.affinity is set. Allowed values: soft or hard soft
postgresql.nodeAffinityPreset.type PostgreSQL node affinity preset type. Ignored if postgresql.affinity is set. Allowed values: soft or hard ""
postgresql.nodeAffinityPreset.key PostgreSQL node label key to match Ignored if postgresql.affinity is set. ""
postgresql.nodeAffinityPreset.values PostgreSQL node label values to match. Ignored if postgresql.affinity is set. []
postgresql.affinity Affinity for PostgreSQL pods assignment {} (evaluated as a template)
postgresql.nodeSelector Node labels for PostgreSQL pods assignment {} (evaluated as a template)
postgresql.tolerations Tolerations for PostgreSQL pods assignment [] (evaluated as a template)
postgresql.securityContext.* Other pod security context to be included as-is in the pod spec {}
postgresql.securityContext.enabled Enable security context for PostgreSQL with Repmgr true
postgresql.securityContext.fsGroup Group ID for the PostgreSQL with Repmgr filesystem 1001
postgresql.containerSecurityContext.* Other container security context to be included as-is in the container spec {}
postgresql.containerSecurityContext.enabled Enable container security context true
postgresql.containerSecurityContext.runAsUser User ID for the PostgreSQL with Repmgr container 1001
postgresql.resources The [resources] to allocate for container {}
postgresql.livenessProbe Liveness probe configuration for PostgreSQL with Repmgr Check values.yaml file
postgresql.readinessProbe Readiness probe configuration for PostgreSQL with Repmgr Check values.yaml file
postgresql.startupProbe Startup probe configuration for PostgreSQL with Repmgr Check values.yaml file
postgresql.customLivenessProbe Override default liveness probe nil
postgresql.customReadinessProbe Override default readiness probe nil
postgresql.customStartupProbe Override default startup probe nil
postgresql.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with extraVolumes. nil
postgresql.sidecars Attach additional containers to the pod (evaluated as a template) nil
postgresql.initContainers Add additional init containers to the pod (evaluated as a template) nil
postgresql.extraEnvVars Array containing extra env vars nil
postgresql.extraEnvVarsCM ConfigMap containing extra env vars nil
postgresql.extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) nil
postgresql.command Override default container command (useful when using custom images) nil
postgresql.args Override default container args (useful when using custom images) nil
postgresql.lifecycleHooks LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template ``
postgresql.pdb.create If true, create a pod disruption budget for PostgreSQL with Repmgr pods false
postgresql.pdb.minAvailable Minimum number / percentage of pods that should remain scheduled 1
postgresql.pdb.maxUnavailable Maximum number / percentage of pods that may be made unavailable nil
postgresql.username PostgreSQL username postgres
postgresql.password PostgreSQL password Qing@123
postgresql.existingSecret Name of existing secret to use for PostgreSQL passwords nil
postgresql.postgresPassword PostgreSQL password for the postgres user when username is not postgres nil
postgresql.database PostgreSQL database postgres
postgresql.usePasswordFile Have the secrets mounted as a file instead of env vars false
postgresql.repmgrUsePassfile Configure repmgrl to use passfile instead of password vars false
postgresql.repmgrPassfilePath Custom path where passfile will be stored nil
postgresql.upgradeRepmgrExtension Upgrade repmgr extension in the database false
postgresql.pgHbaTrustAll Configures PostgreSQL HBA to trust every user false
postgresql.syncReplication Make the replication synchronous. This will wait until the data is synchronized in all the replicas before other query can be run. This ensures the data availability at the expenses of speed. false
postgresql.sharedPreloadLibraries Shared preload libraries (comma-separated list) pgaudit, repmgr
postgresql.maxConnections Maximum total connections nil
postgresql.postgresConnectionLimit Maximum total connections for the postgres user nil
postgresql.dbUserConnectionLimit Maximum total connections for the non-admin user nil
postgresql.tcpKeepalivesInterval TCP keepalives interval nil
postgresql.tcpKeepalivesIdle TCP keepalives idle nil
postgresql.tcpKeepalivesCount TCP keepalives count nil
postgresql.statementTimeout Statement timeout nil
postgresql.pghbaRemoveFilters Comma-separated list of patterns to remove from the pg_hba.conf file nil
postgresql.audit.logHostname Add client hostnames to the log file true
postgresql.audit.logConnections Add client log-in operations to the log file false
postgresql.audit.logDisconnections Add client log-outs operations to the log file false
postgresql.audit.pgAuditLog Add operations to log using the pgAudit extension nil
postgresql.audit.clientMinMessages Message log level to share with the user nil
postgresql.audit.logLinePrefix Template string for the log line prefix nil
postgresql.audit.logTimezone Timezone for the log timestamps nil
postgresql.repmgrUsername PostgreSQL repmgr username repmgr
postgresql.repmgrPassword PostgreSQL repmgr password Repmgr_123
postgresql.repmgrDatabase PostgreSQL repmgr database repmgr
postgresql.repmgrLogLevel Repmgr log level (DEBUG, INFO, NOTICE, WARNING, ERROR, ALERT, CRIT or EMERG) NOTICE
postgresql.repmgrConnectTimeout Repmgr backend connection timeout (in seconds) 5
postgresql.repmgrReconnectAttempts Repmgr backend reconnection attempts 3
postgresql.repmgrReconnectInterval Repmgr backend reconnection interval (in seconds) 5
postgresql.repmgrConfiguration Repmgr Configuration nil
postgresql.configuration PostgreSQL Configuration nil
postgresql.pgHbaConfiguration Content of pg_hba.conf nil (do not create pg_hba.conf)
postgresql.configurationCM ConfigMap with the PostgreSQL configuration files (Note: Overrides postgresql.repmgrConfiguration, postgresql.configuration and postgresql.pgHbaConfiguration) nil (The value is evaluated as a template)
postgresql.extendedConf Extended PostgreSQL Configuration (appended to main or default configuration). Implies volumePermissions.enabled. nil
postgresql.extendedConfCM ConfigMap with the extended PostgreSQL configuration files (Note: Overrides postgresql.extendedConf) Implies volumePermissions.enabled. nil (The value is evaluated as a template)
postgresql.initdbScripts Dictionary of initdb scripts nil
postgresql.initdbScriptsCM ConfigMap with the initdb scripts (Note: Overrides initdbScripts). The value is evaluated as a template. nil
postgresql.initdbScriptsSecret Secret with initdb scripts that contain sensitive information (Note: can be used with initdbScriptsCM or initdbScripts). The value is evaluated as a template. nil
Pgpool
pgpoolImage.registry Registry for Pgpool docker.io
pgpoolImage.tag Tag for Pgpool {TAG_NAME}
pgpoolImage.pullPolicy Pgpool image pull policy IfNotPresent
pgpoolImage.pullSecrets Specify docker-registry secret names as an array [] (does not add image pull secrets to deployed pods)
pgpoolImage.debug Specify if debug logs should be enabled false
pgpool.customUsers.usernames Comma or semicolon separated list of postgres usernames to be added to pgpool_passwd nil
pgpool.customUsers.passwords Comma or semicolon separated list of the associated passwords for the users to be added to pgpool_passwd nil
pgpool.customUsersSecret Name of a secret containing the usernames and passwords of accounts that will be added to pgpool_passwd nil
pgpool.srCheckDatabase Name of the database to perform streaming replication checks postgres
pgpool.hostAliases Add deployment host aliases []
pgpool.labels Map of labels to add to the deployment. Evaluated as a template {}
pgpool.podLabels Map of labels to add to the pods. Evaluated as a template {}
pgpool.replicaCount The number of replicas to deploy 1
pgpool.customLivenessProbe Override default liveness probe nil
pgpool.customReadinessProbe Override default readiness probe nil
pgpool.customStartupProbe Override default startup probe nil
pgpool.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with extraVolumes. nil
pgpool.sidecars Attach additional containers to the pod (evaluated as a template) nil
pgpool.initContainers Add additional init containers to the pod (evaluated as a template) nil
pgpool.extraEnvVars Array containing extra env vars nil
pgpool.extraEnvVarsCM ConfigMap containing extra env vars nil
pgpool.extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) nil
pgpool.command Override default container command (useful when using custom images) nil
pgpool.args Override default container args (useful when using custom images) nil
pgpool.lifecycleHooks LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template ``
pgpool.podAnnotations Additional pod annotations {}
pgpool.initdbScripts Dictionary of initdb scripts nil
pgpool.initdbScriptsCM ConfigMap with the initdb scripts (Note: Overrides initdbScripts). The value is evaluated as a template. nil
pgpool.initdbScriptsSecret Secret with initdb scripts that contain sensitive information (Note: can be used with initdbScriptsCM or initdbScripts). The value is evaluated as a template. nil
pgpool.priorityClassName Pod priority class ``
pgpool.podAffinityPreset Pgpool pod affinity preset. Ignored if pgpool.affinity is set. Allowed values: soft or hard ""
pgpool.podAntiAffinityPreset Pgpool pod anti-affinity preset. Ignored if pgpool.affinity is set. Allowed values: soft or hard soft
pgpool.nodeAffinityPreset.type Pgpool node affinity preset type. Ignored if pgpool.affinity is set. Allowed values: soft or hard ""
pgpool.nodeAffinityPreset.key Pgpool node label key to match Ignored if pgpool.affinity is set. ""
pgpool.nodeAffinityPreset.values Pgpool node label values to match. Ignored if pgpool.affinity is set. []
pgpool.affinity Affinity for Pgpool pods assignment {} (evaluated as a template)
pgpool.nodeSelector Node labels for Pgpool pods assignment {} (evaluated as a template)
pgpool.tolerations Tolerations for Pgpool pods assignment [] (evaluated as a template)
pgpool.securityContext.* Other pod security context to be included as-is in the pod spec {}
pgpool.securityContext.enabled Enable security context for Pgpool true
pgpool.securityContext.fsGroup Group ID for the Pgpool filesystem 1001
pgpool.containerSecurityContext.* Other container security context to be included as-is in the container spec {}
pgpool.containerSecurityContext.enabled Enable container security context true
pgpool.containerSecurityContext.runAsUser User ID for the Pgpool container 1001
pgpool.resources The [resources] to allocate for container {}
pgpool.livenessProbe Liveness probe configuration for Pgpool Check values.yaml file
pgpool.readinessProbe Readiness probe configuration for Pgpool Check values.yaml file
pgpool.startupProbe Startup probe configuration for Pgpool Check values.yaml file
pgpool.pdb.create If true, create a pod disruption budget for Pgpool pods. false
pgpool.pdb.minAvailable Minimum number / percentage of pods that should remain scheduled 1
pgpool.pdb.maxUnavailable Maximum number / percentage of pods that may be made unavailable nil
pgpool.updateStrategy Strategy used to replace old Pods by new ones {}
pgpool.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update nil
pgpool.adminUsername Pgpool Admin username admin
pgpool.adminPassword Pgpool Admin password Pgpool@123
pgpool.logConnections Log all client connections false
pgpool.logHostname Log the client hostname instead of IP address true
pgpool.logPerNodeStatement Log every SQL statement for each DB node separately false
pgpool.logLinePrefix Format of the log entry lines nil
pgpool.clientMinMessages Log level for clients error
pgpool.numInitChildren The number of preforked Pgpool-II server processes. 32
pgpool.maxPool The maximum number of cached connections in each child process 15
pgpool.childMaxConnections The maximum number of client connections in each child process nil
pgpool.childLifeTime The time in seconds to terminate a Pgpool-II child process if it remains idle nil
pgpool.clientIdleLimit The time in seconds to disconnect a client if it remains idle since the last query nil
pgpool.connectionLifeTime The time in seconds to terminate the cached connections to the PostgreSQL backend nil
pgpool.useLoadBalancing If true, use Pgpool Load-Balancing true
pgpool.configuration Content of pgpool.conf nil
pgpool.configurationCM ConfigMap with the Pgpool configuration file (Note: Overrides pgpol.configuration). The file used must be named pgpool.conf. nil (The value is evaluated as a template)
pgpool.tls.enabled Enable TLS traffic support for end-client connections false
pgpool.tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's true
pgpool.tls.certificatesSecret Name of an existing secret that contains the certificates nil
pgpool.tls.certFilename Certificate filename ""
pgpool.tls.certKeyFilename Certificate key filename ""
pgpool.tls.certCAFilename CA Certificate filename. If provided, PgPool will authenticate TLS/SSL clients by requesting them a certificate. nil
LDAP
ldap.enabled Enable LDAP support false
ldap.existingSecret Name of existing secret to use for LDAP passwords nil
ldap.uri LDAP URL beginning in the form ldap[s]://<hostname>:<port> nil
ldap.base LDAP base DN nil
ldap.binddn LDAP bind DN nil
ldap.bindpw LDAP bind password nil
ldap.bslookup LDAP base lookup nil
ldap.scope LDAP search scope nil
ldap.tlsReqcert LDAP TLS check on server certificates nil
ldap.nssInitgroupsIgnoreusers LDAP ignored users root,nslcd
Prometheus metrics
metricsImage.registry Registry for PostgreSQL Prometheus exporter docker.io
metricsImage.tag Tag for PostgreSQL Prometheus exporter {TAG_NAME}
metricsImage.pullPolicy PostgreSQL Prometheus exporter image pull policy IfNotPresent
metricsImage.pullSecrets Specify docker-registry secret names as an array [] (does not add image pull secrets to deployed pods)
metricsImage.debug Specify if debug logs should be enabled false
metrics.securityContext.* Other container security context to be included as-is in the container spec {}
metrics.securityContext.enabled Enable security context for PostgreSQL Prometheus exporter true
metrics.securityContext.runAsUser User ID for the PostgreSQL Prometheus exporter container 1001
metrics.resources The [resources] to allocate for container {}
metrics.livenessProbe Liveness probe configuration for PostgreSQL Prometheus exporter Check values.yaml file
metrics.readinessProbe Readiness probe configuration for PostgreSQL Prometheus exporter Check values.yaml file
metrics.startupProbe Startup probe configuration for PostgreSQL Prometheus exporter Check values.yaml file
metrics.annotations Annotations for PostgreSQL Prometheus exporter service {prometheus.io/scrape: "true", prometheus.io/port: "9187"}
metrics.customMetrics Additional custom metrics nil
metrics.extraEnvVars Extra environment variables to add to exporter {} (evaluated as a template)
metrics.serviceMonitor.enabled if true, creates a Prometheus Operator ServiceMonitor (also requires metrics.enabled to be true) false
metrics.serviceMonitor.namespace Optional namespace which Prometheus is running in nil
metrics.serviceMonitor.interval How frequently to scrape metrics (use by default, falling back to Prometheus' default) nil
metrics.serviceMonitor.selector Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install {prometheus: "kube-prometheus"}
metrics.serviceMonitor.relabelings ServiceMonitor relabelings. Value is evaluated as a template []
metrics.serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings. Value is evaluated as a template []
Init Container to adapt volume permissions
volumePermissionsImage.registry Init container volume-permissions image registry docker.io
volumePermissionsImage.pullPolicy Init container volume-permissions image pull policy Always
volumePermissionsImage.pullSecrets Specify docker-registry secret names as an array [] (does not add image pull secrets to deployed pods)
volumePermissions.enabled Enable init container to adapt volume permissions false
volumePermissions.securityContext.* Other container security context to be included as-is in the container spec {}
volumePermissions.securityContext.enabled Init container volume-permissions security context false
volumePermissions.securityContext.runAsUser Init container volume-permissions User ID 0
Persistence
persistence.enabled Enable data persistence true
persistence.existingClaim Use a existing PVC which must be created manually before bound. PVC will be shared between all replicas, which is useful for special cases only. nil
persistence.storageClass Specify the storageClass used to provision the volume nil
persistence.mountPath Path to mount data volume at nil
persistence.accessModes List of access modes of data volume ReadWriteOnce
persistence.size Size of data volume 8Gi
persistence.annotations Persistent Volume Claim annotations {}
persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template) {}
Expose
service.type Kubernetes service type (ClusterIP, NodePort or LoadBalancer) ClusterIP
service.port PostgreSQL port 5432
service.nodePort Kubernetes service nodePort nil
service.annotations Annotations for PostgreSQL service {}
service.serviceLabels Labels for PostgreSQL service {}
service.loadBalancerIP loadBalancerIP if service type is LoadBalancer nil
service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer []
service.clusterIP Static clusterIP or None for headless services nil
service.externalTrafficPolicy Enable client source IP preservation Cluster
service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" None
networkPolicy.enabled Enable NetworkPolicy false
networkPolicy.allowExternal Don't require client label for connections true

持久化

默认情况下,会创建一个 PersistentVolumeClaim 并将其挂载到指定目录中。 若想禁用此功能,您可以更改 values.yaml 禁用持久化,改用 emptyDir。

"当 Pod 分配给节点时,将首先创建一个 emptyDir 卷,只要该 Pod 在该节点上运行,该卷便存在。 当 Pod 从节点中删除时,emptyDir 中的数据将被永久删除."

注意:PersistentVolumeClaim 中可以使用不同特性的 PersistentVolume,其 IO 性能会影响数据库的初始化性能。所以当使用 PersistentVolumeClaim 启用持久化存储时,可能需要调整 livenessProbe.initialDelaySeconds 的值。数据库初始化的默认限制是60秒 (livenessProbe.initialDelaySeconds + livenessProbe.periodSeconds * livenessProbe.failureThreshold)。如果初始化时间超过限制,kubelet将重启数据库容器,数据库初始化被中断,会导致持久数据不可用。

自定义 PostgreSQL 配置

values.yaml 中添加/更改 PostgreSQL 配置。

    extendedConf: |-
    deadlock_timeout = 1s
    max_locks_per_transaction = 64